Compiling a program doesn’t protect it or necessarily hide the source. Take the following example C program. It serves no real-life purpose and should never print anything to the console:
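    #include <stdio.h>
    #include <string.h> /* declares strcmp() */

    int main(void)
    {
        const char *password = "secretpassword";
        const char *otherpassword = "othersecretpassword";

        /* The two strings differ, so strcmp() is non-zero and this branch never runs. */
        if (!strcmp(password, otherpassword)) {
            printf("This will never get evaluated");
        }
        return 0;
    }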
Compiling the code to assembly with gcc -S test.c leaves test.s. The important point is that all strings remain intact:
        .file "test.c"
        .section .rodata
    .LC0:
        .string "secretpassword"
    .LC1:
        .string "othersecretpassword"
    .LC2:
        .string "This will never get evaluated"
        .text
Now to compile: gcc -o test test.s
    box:~# gcc -o test test.s
    box:~# ./test
    box:~#
So our passwords are now buried away and our source is hidden? Unfortunately not. Many users also think that ‘strip’ removes such information, but ‘strip’ removes only the symbol table and additional debugging information.
    box:~# ls -al test
    -rwxr-xr-x 1 root root 6460 Nov 2 16:46 test
    box:~# strip test
    box:~# ls -al test
    -rwxr-xr-x 1 root root 3104 Nov 2 16:47 test
Well, ‘strings’ is a utility to print any printable strings within a binary file:
    box:~# strings test
    /lib/ld-linux.so.2
    __gmon_start__
    libc.so.6
    _IO_stdin_used
    printf
    strcmp
    __libc_start_main
    GLIBC_2.0
    PTRh0
    [^_]
    secretpassword
    othersecretpassword
    This will never get evaluated
This is one reason why compiling your software doesn’t protect it. Constants are stored as is in compiled form. There are obfuscators, encoders and a host of other tools that can help to protect your code, although the golden rule is that if a machine can understand/parse/read it, so can a human.
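Why the constants survive ‘strip’, as an added example that is not part of the original post: a minimal scanner that does what ‘strings’ does, reporting every run of at least four printable bytes, which needs no symbol table at all. The sample buffer is constructed, and scan_strings and MIN_RUN are names chosen for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MIN_RUN 4 /* assumed minimum run length, the default used by strings(1) */

/* Constructed sample: bytes laid out like a stripped binary's read-only data,
   with non-printable bytes around the constants from the example program. */
static const unsigned char sample[] =
    "\x7f" "ELF\x01\x01\x01\0\0\0\x03\0"
    "secretpassword\0"
    "othersecretpassword\0"
    "\x90\x90\xc3"
    "This will never get evaluated\0";

static int printable(unsigned char c)
{
    return c == '\t' || (c >= 0x20 && c <= 0x7e);
}

/* Print every run of >= MIN_RUN printable bytes that contains needle and
   return how many such runs there are. An empty needle matches every run. */
size_t scan_strings(const unsigned char *buf, size_t len, const char *needle)
{
    size_t hits = 0, start = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i < len && printable(buf[i]))
            continue;               /* still inside a printable run */
        size_t n = i - start;       /* run ended at i (or at end of buffer) */
        if (n >= MIN_RUN) {
            char run[256];
            if (n >= sizeof run)    /* long runs are truncated for matching */
                n = sizeof run - 1;
            memcpy(run, buf + start, n);
            run[n] = '\0';
            if (strstr(run, needle)) {
                printf("%s\n", run);
                hits++;
            }
        }
        start = i + 1;
    }
    return hits;
}

int main(void)
{
    printf("%zu strings found\n", scan_strings(sample, sizeof sample, ""));
    return 0;
}
```

Run against a real build artifact with a known credential as the needle, the same scan makes a quick pre-release check that no secret was compiled in.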